12 companies report 'WannaCry' damage in S. Korea

Tuesday, May 16, 2017 19:43

South Korea's state-run cybersecurity agency said Tuesday 12 companies have been struck by the crippling ransomware "WannaCry" so far, which has been emerging as one of the biggest threats to global cybersecurity.

Ransomware refers to malware that locks up files on a computer with encryption until the victims pay a certain amount of money to hackers. The latest instance of ransomware, called WannaCry, first surfaced last week, damaging some 200,000 computers in 150 countries around the globe.

The Korea Internet & Security Agency (KISA) said it has received 4,616 calls inquiring into ransomware through its hotline so far.

On Monday, South Korea's top theater chain CJ CGV said some of its advertisement servers were hit by the ransomware. Around 50 CJ CGV locations are estimated to have been affected by the attack. A bus schedule system in Asan, some 100 kilometers south of Seoul, was also struck by WannaCry.

Industry watchers, however, said most local companies and institutions seem to be intact so far as they are thoroughly prepared.

While a kill switch, a safety mechanism against ransomware, also prevented companies from suffering major damages, experts said computer users still need to be cautious as there is an increasing number of variants.

"Users must follow basic security rules and use the latest versions of the Windows operating system and virus programs," a cybersecurity expert said.

Some experts also speculate that the WannaCry ransomware might have been distributed by North Korea.

"North Korean hackers tend to use their own encryption logic not found in other malicious code," said Choi Sang-myung, an expert at Hauri Inc. "As similar logic is found in WannaCry, it is highly likely that North Korea is behind the case."